Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 11853 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Endpoint Security and Control, Backup jobs failing

JohnDavis

I have been researching continual failed backup jobs and finally verified that Sophos is causing our backup jobs to skip files.

Essentially a job will run and skip random file numbers 1, 5 and 7

The next time the job runs it will skip files 3, 6 and 9

Never makes much sense on what is skipped...

The backup software we use is NovaBackup DataCenter 5.5

Anyway, When Sophos On-access scanning is disabled, poof...

No errors...

So... I need to find out if any of the following are options...

1. Via command line, can I turn off On-access scanning for reading files?

2. Can I configure Sophos Endpoint Security and Control  to not scan files being accessed by the backup software?

3. Can I configure Sophos to turn off On-access scanning during a backup window?

4. Can anything be done to make Sophos work with my backup software?



This thread was automatically locked due to age.
  • 0

    Hello John Davis,

    1. no command line or published automation interface for SAV on Windows AFAIK. You could stop the SAV and SAU services though.

    2. Please see How to exclude a process? - guess this option still available (thread contains also some suggestions for 4.)

    3. no automated (and therefore no timer-based) policy changes

    4: ... or: to make your backup software work with Sophos [;)]. From time to time there's a thread with a backup vs. Sophos issue, can't remember one with a description of the underlying cause (some overhead due to scanning is obvious, OTOH if it were a general problem there'd be more queries).

    Christian 

  • 0 in reply to QC
    While I found the option to exclude a process fairly straight forward, it did not seem to work.
    Is there any way to know that it is still supported?
  • 0 in reply to JohnDavis

    Hello John Davis,

    took some days off, sorry for the delayed reply.
    it did not seem to work - what is it, how did you test? Please note that the lookup is case sensitive and the string must match the process name exactly. Changes in the list are picked up only when the driver is loaded (usually on reboot). Haven't tested on Win8 and above, though I think the behaviour is still the same. You can verify the basic function using savtst32.exe (from the sec_5xx\tools\ directory): Create an ExcludedProcess0 value, say SavTst.eXe,  reboot. Run savtst32.exe, File->On-Access Test. You should get the correctly pop-up. Close it, rename (exactly) to the registry value, run again. It should now pop-up not correctly.

    Christian

  • 0 in reply to QC
    Where can I get the Tools from?
  • 0 in reply to JohnDavis

    Hello John,

    it's contained in the self-extracting SEC package from the Download section. The sec_nnn_sfx.exe unpacks itself  by default to C:\sec_nnn\ creating the \ServerInstaller and the  \tools subdirectory (the installer commences automatically but can be canceled at this point; alternatively you can extract savtst32.exe e.g. with 7zip).

    Christian

Unfiltered HTML